Avast and scienceforums.net

[CharonY]

I have Avast one computer and while browsing the forums, seemingly at random points I get an infection blocked message.

E.g. while clicking on this the biochem link I get: link: http://www.scienceforums.net/forum/14-biochemistry-and-molecular-biology/|{gzip}

Infection: HTML:Script-inf

 

Anyone else having these issues?

[imatfaal]

yes - but it went away before I got around to doing anything about it

[MonDie]

I've no real experience, but a man-in-the-middle could inject malicious code. Perhaps check SFN's ping between now and when it gives warnings. That is, if it's allowed. I can't ping it.

Edited May 28, 2015 by MonDie

[Cap'n Refsmmat]

The SFN server doesn't respond to pings, so that wouldn't help. Man-in-the-middle attacks are fairly rare unless you're targeted by the NSA or using dodgy free wifi.

 

The Avast warning sounds like it thinks there's malicious JavaScript on our pages. This is related to the malware warnings we had before. I will try to hunt down the problem further, because apparently it keeps recurring.

[Endy0816]

Found this:

 

 

khundalt.org - scienceforums.net

https://isc.sans.edu/forums/diary/Actor+using+Fiesta+exploit+kit/19631/

 

not sure what steps would need to be taken to clean the forum though.

[Cap'n Refsmmat]

Thanks, that's helpful. I still haven't figured out how the compromise happens, but hopefully I'll find something.

[studiot]

I have just returned from my sojurn in Scotland and I am reading this on my Avastpro protected system.

 

Avast see see no problem with SF, although I has reported issues in the past.

 

It is, however, offering a program update (as opposed to a database update).

 

I wonder if the issue is generated by the udated version of Avast.

I have seen this on previous occasions with updates.

 

Thank you endy for that highly informative link. +1

The good guys must stick together on this.

Edited May 29, 2015 by studiot